--Nq2Wo0NMKNjxTN9z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 08, 2005 at 02:03:34PM +0100, Edgar, Bob wrote:
> Forgive my naivety but what is wrong with the following:
>=20
> try to open/create the file/directory
> if EACCESS {
> foreach group in longlist {
> addgroup to groups list
> try to open/create the file/directory
> if success break
> }
> if failure return EACCESS
> }


Exactly this does not work. See my example in the posting you replied to. T=
he
kernel can *deny* your access based on a group membership. So you have to
replicate the kernel functionality for access controls completely in user
space. For each and every access that is access control sensitive.

Volker

--Nq2Wo0NMKNjxTN9z
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCLa4uP/hMgvhmbo4RAkV6AJ0RLSYilvQTEMKI4y5wdXu7xgtsbACeLjrH
hU1KwzCQRatjdFjqF/7dG7s=
=/rRJ
-----END PGP SIGNATURE-----

--Nq2Wo0NMKNjxTN9z--